Squid Web Proxy Port Scanner Vulnerability

vendor:

Squid Web Proxy

by:

SecurityFocus

7,5

CVSS

HIGH

Port Scanner Vulnerability

200

CWE

Product Name: Squid Web Proxy

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Squid Web Proxy Port Scanner Vulnerability

Squid servers, when configured as an 'HTTP accelerator only', may allow remote attackers to use them as port scanners. There is also a potential that they will grant proxied access to the malicious user. To exploit this vulnerability, an attacker would set squid to HTTPD_accel mode, with a particular host and strict ACL's, export httpd_proxy='HTTP://squid-server:port', and use lynx HTTP://victim:port/. If the port is open, the attacker will get a HTTP 200 code and sometimes a response with some services SSH, SMTP, etc. The expected result should be access denied (403).

Mitigation:

It should be noted that this is not a default configuration for affected versions of Squid Web Proxy.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3062/info

Squid is a free client-side web proxy that retrieves cached web pages for quick browsers and a reduction in bandwidth consumption.

Squid servers, when configured as an "HTTP accelerator only", may allow remote attackers to use them as port scanners. There is also a potential that they will grant proxied access to the malicious user.

It should be noted that this is not a default configuration for affected versions of Squid Web Proxy.

1. Set squid to HTTPD_accel mode, with a particular host and strict
acl's

2. export httpd_proxy="HTTP://squid-server:port"


3. lynx HTTP://victim:port/

Actual Results: You get a HTTP 200 code if the port is open and
sometimes a response with some services SSH, SMTP, etc

Expected Results: Should be access denied (403)